General Data Protection Regulation (GDPR) Services

In response to the need for greater data privacy and protection, the European Union (EU) enacted the General Data Protection Regulation (GDPR) to govern the collection, processing, use and storage of personal data relating to any individual in the EU (citizens, residents and visitors) as well as EU citizens living abroad. The regulation applies to all organizations processing and holding the personal data of these individuals, regardless of the organization’s location.

Regulation impact

The GDPR took effect on May 25, 2018. Penalties for noncompliance are significant: organizations in breach of the GDPR can be fined up to 4 percent of annual global revenue or €20 million (whichever is greater).

GDPR services:

Assessment of the GDPR’s potential impact on your organization

Assessment of the processes your organization currently has in place and development of a roadmap for GDPR compliance

Data discovery and impact assessment

Inventory of data capture, use and purpose

Inventory of data storage

Development of process maps and GDPR requirements

Control framework design and deployment

Design – Assistance with selection of a suitable information security and privacy framework and controls for your organization with regard to its compliance requirements (including GDPR and other applicable regulations)

Deployment – Implementation of controls, policies and procedures that will allow your organization to achieve and maintain GDPR compliance, while at the same time allowing your organization to continue its work

Monitoring or internal auditing

Periodic review and validation of organization processes to assess your operations relative to plans and continued compliance with GDPR requirements